Security Training
Web Application Security Audit (WASA) Course Outline
A web application can be the most important element of any business presence, but it may also be the most vulnerable. It may be easily exploited, damaging customers' perception of an organisation, which could prove significantly damaging to both business and customer. Whether your website holds sensitive information on e-commerce transactions or retrieves public information from a database back end, the application itself may expose you to threats you have never considered.
WASA differs from the traditional type of penetration testing that probes routers, servers, e-mail servers and FTP services, and therefore requires a different skill set.
This course will cover the following topics to ensure delegates can effectively carry out a web application security audit:
- contracts and legalities
- server
- server fingerprinting
- server vulnerability identification
- bugs or missing patches
- web server misconfiguration
- browser-side or client-side risks
- data intercept
- SSL man-in-the-middle attacks
- application
- mapping, mirroring & fingerprinting
- source code analysis
- authentication method analysis
- parameter manipulation
- URL value brute forcing
- cookie manipulation
- hidden form field tampering
- Cross-Site Scripting (XSS) attacks
- reverse engineering of application code
- database systems
- SQL injection
- database connection parameters
- breaking out of the application
- reporting
Who should attend the course?
- IT professionals who wish to move into the IT security field.
- IT security professionals who wish to increase their knowledge of penetration testing in order to conduct web application reviews.
- Web developers who wish to learn more about the attacks mounted against their web applications so that they are better prepared to defend against them.
Pre-Requisites:
- Must have good knowledge of different operating systems such as Windows and *nix variants.
- Advisable to have some experience with web-based coding such as HTML, JavaScript, ASP, etc.

